Monday, June 13, 2011

IMF latest hit by cyber criminals

The International Monetary Fund suffered a “very major breach,” as first reported Saturday by the New York Times.

Details are sketchy on the attack, which was revealed to IMF employees last week but not made public. The incident reportedly happened before Dominique Strauss-Kahn’s May 14 arrest and his departure as head of the IMF, which assists in global financial crisis and is a repository for highly confidential financial information on its member states – nearly every country in the world.

According to the New York Times, the World Bank cut off its computer link with the IMF out of “an abundance of caution.”

“I can confirm that we are investigating an incident,” IMF spokesperson David Hawley told CNN by e-mail. “I am not in a position to elaborate further on the extent of the cyber-security incident.”

The attack appears to have used “spear phishing” – tricking the end user to click on a link, reveal password information or download a malicious program from a source that appears to be legitimate. The IMF hasn’t revealed any suspicions on who launched the attack.

Spearphishing was used in the recent attack on high-profile Gmail users in the U.S. and South Korean governments, which Google said emanated from mainland China – a charge Beijing denied.

The IMF breach is the latest line of hacking attacks. Last week, CitiBank admitted that the personal details of 210,000 cardholders were stolen. In May, Lockheed Martin said there was a significant attempt to breach the defense contractor’s systems. In March, RSA Security – which makes two-step computer authentication systems – had confidential information stolen.

Sony’s PlayStation Network, Online Entertainment site and Sony Pictures websites have been hacked in the past few weeks; the hack of the PlayStation Network compromised the personal detail of tens of millions of customers and resulted in the network going offline for 23 days. Cost to the company is estimated at $171 million.

The breach of the IMF could have been aimed at stealing sensitive inside information which potentially could have the power to move markets. "The IMF attack was clearly designed to infiltrate the IMF with the intention of gaining sensitive 'insider privileged information'," cyber security specialist Mohan Koo told Reuters